# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

RSpec.describe KnowledgeBase::EffectivePermission do
  include_context 'basic Knowledge Base'

  describe '#access_effective' do
    let(:role_editor) { create(:role, permission_names: 'knowledge_base.editor') }
    let(:role_reader) { create(:role, permission_names: 'knowledge_base.reader') }
    let(:role_non_kb) { create(:role, :admin) }

    let(:user) { create(:user, roles: [role_editor, role_reader, role_non_kb]) }
    let(:user_editor) { create(:user, roles: [role_editor]) }
    let(:user_admin)  { create(:admin) }
    let(:user_reader) { create(:user, roles: [role_reader]) }
    let(:user_nonkb)  { create(:user, roles: [role_non_kb]) }

    let(:child_category) { create(:knowledge_base_category, parent: category) }

    it 'editor with no permissions defined returns editor' do
      expect(described_class.new(user_editor, category).access_effective).to eq 'editor'
    end

    it 'user with multiple permissions defined returns editor' do
      expect(described_class.new(user, category).access_effective).to eq 'editor'
    end

    it 'reader with no permissions defined returns reader' do
      expect(described_class.new(user_reader, category).access_effective).to eq 'reader'
    end

    it 'non-kb with no permissions defined returns none' do
      expect(described_class.new(user_nonkb, category).access_effective).to eq 'none'
    end

    it 'editor with both reader and editor permissions returns editor' do
      create_permission(role_reader, 'reader')
      create_permission(role_editor, 'editor')

      expect(described_class.new(user_admin, category).access_effective).to eq 'editor'
    end

    it 'editor with reader permission on parent category returns reader' do
      create_permission(role_editor, 'reader')

      expect(described_class.new(user_editor, child_category).access_effective).to eq 'reader'
    end

    it 'editor with reader permission on KB returns reader' do
      create_permission(role_editor, 'reader', permissionable: knowledge_base)

      expect(described_class.new(user_editor, category).access_effective).to eq 'reader'
    end

    it 'editor with reader permission on parent category but editor permission on category returns editor' do
      create_permission(role_editor, 'reader', permissionable: category)
      create_permission(role_editor, 'editor', permissionable: child_category)

      expect(described_class.new(user_editor, child_category).access_effective).to eq 'editor'
    end

    it 'editor with editor permission on parent category but reader permission on category returns reader' do
      create_permission(role_editor, 'editor', permissionable: category)
      create_permission(role_editor, 'reader', permissionable: child_category)

      expect(described_class.new(user_editor, child_category).access_effective).to eq 'reader'
    end

    it 'reader with reader and non-effective permissions returns reader' do
      create_permission(role_reader, 'reader')
      create_permission(role_editor, 'editor')

      expect(described_class.new(user_reader, category).access_effective).to eq 'reader'
    end

    it 'reader with no matching permissions returns reader' do
      create_permission(role_editor, 'editor')

      expect(described_class.new(user_reader, category).access_effective).to eq 'reader'
    end

    it 'retuns none when user not given' do
      expect(described_class.new(nil, category).access_effective).to eq 'none'
    end
  end

  def create_permission(role, access, permissionable: category)
    create(:knowledge_base_permission, role: role, permissionable: permissionable, access: access)
  end
end